Use of a biometric for authentication is a recent trend for non-password authentication. Biometrics may be used in biometric encryption (“biometric cryptosystem”). In a biometric cryptosystem, a cryptographic key may be transformed or unlocked from the biometric data, and this key may be used for authentication or to decrypt user secrets such as passwords or documents.
Differences between a biometric cryptosystem and conventional biometric schemes may include: (1) in the biometric cryptosystem the biometric data is typically not stored in a database or on a platform, and so the biometric cryptosystem may offer better protection of the biometric data from offline attacks; (2) in the biometric cryptosystem the keys generated from the biometric data may be dynamic and revocable, and if an end user uses a biometric cryptosystem in multiple transactions, her transactions may be unlinkable; (3) a biometric cryptosystem may offer better privacy than conventional biometric schemes, as the service provider or the local platform may not keep the biometric of the end user.
Schemes to transform or to unlock a cryptographic key (also “key” herein) from biometric input are typically based on only one biometric. However, one type of biometric data (e.g., fingerprint, iris, face, palm print, voice) may not have enough entropy to provide an acceptable level of security, e.g., for a high security key.
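As an added illustration (not part of the original text), the following sketch shows one well-known way a key can be "unlocked" from a biometric without storing the template and then revoked: a fuzzy commitment. The choice of scheme, the 5x repetition code, the 128-bit key, and the random bit vector standing in for an extracted biometric template are all assumptions made for the example.

```python
import hashlib
import secrets

REP = 5          # assumed toy error-correcting code: each key bit repeated 5 times
KEY_BITS = 128   # assumed key length

def _encode(key_bits):
    return [b for b in key_bits for _ in range(REP)]

def _decode(code_bits):
    # Majority vote per block corrects up to 2 flipped bits in each 5-bit block.
    return [int(sum(code_bits[i:i + REP]) > REP // 2)
            for i in range(0, len(code_bits), REP)]

def _digest(key_bits):
    return hashlib.sha256(bytes(key_bits)).hexdigest()

def enroll(template):
    """Bind a fresh random key to the template; return (key, stored record)."""
    key = [secrets.randbits(1) for _ in range(KEY_BITS)]
    helper = [c ^ t for c, t in zip(_encode(key), template)]
    # Only the helper data and a hash of the key are stored, not the template.
    return key, {"helper": helper, "key_hash": _digest(key)}

def unlock(record, sample):
    """Recover the key from a fresh sample, or None if the sample is too far off."""
    noisy_code = [h ^ s for h, s in zip(record["helper"], sample)]
    key = _decode(noisy_code)
    ok = secrets.compare_digest(_digest(key), record["key_hash"])
    return key if ok else None

def demo():
    # Constructed data: random bits stand in for an extracted biometric template.
    template = [secrets.randbits(1) for _ in range(KEY_BITS * REP)]
    key, record = enroll(template)
    # Same user, noisy reading: one flipped bit in every block (within tolerance).
    noisy = list(template)
    for i in range(0, len(noisy), REP):
        noisy[i] ^= 1
    impostor = [secrets.randbits(1) for _ in range(KEY_BITS * REP)]
    new_key, new_record = enroll(template)  # revocation: re-enroll for a new key
    return {
        "genuine": unlock(record, noisy) == key,
        "impostor": unlock(record, impostor) is None,
        "revoked_differs": new_key != key,
        "new_record_works": unlock(new_record, noisy) == new_key,
    }
```

The helper data is not the template, but it is not free of information about it either; this toy code makes no claim about leakage or about unlinkability across records.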